API for GNS record-related crypto. More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_constants.h"
#include "gnunet_signatures.h"
#include "gnunet_arm_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_dnsparser_lib.h"
#include "gnunet_tun_lib.h"

Include dependency graph for gnsrecord_crypto.c:

Data Structures
struct	KeyCacheLine
	Line in cache mapping private keys to public keys. More...

Macros
#define	LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)

#define	CSIZE 64

Functions
ssize_t	ecdsa_symmetric_decrypt (const void block, size_t size, const unsigned char key, const unsigned char ctr, void result)

ssize_t	ecdsa_symmetric_encrypt (const void block, size_t size, const unsigned char key, const unsigned char ctr, void result)

static void	derive_block_aes_key (unsigned char ctr, unsigned char key, const char label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey pub)
	Derive session key and iv from label and public key. More...

static struct GNUNET_GNSRECORD_Block *	block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey key, const struct GNUNET_CRYPTO_EcdsaPublicKey pkey, struct GNUNET_TIME_Absolute expire, const char label, const struct GNUNET_GNSRECORD_Data rd, unsigned int rd_count)
	Sign name and records. More...

struct GNUNET_GNSRECORD_Block *	GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey key, struct GNUNET_TIME_Absolute expire, const char label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
	Sign name and records. More...

struct GNUNET_GNSRECORD_Block *	GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey pkey, struct GNUNET_TIME_Absolute expire, const char label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
	Sign name and records, cache derived public key (also keeps the private key in static memory, so do not use this function if keeping the private key in the process'es RAM is a major issue). More...

enum GNUNET_GenericReturnValue	GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
	Check if a signature is valid. More...

enum GNUNET_GenericReturnValue	block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock block, const struct GNUNET_CRYPTO_EcdsaPublicKey zone_key, const char label, GNUNET_GNSRECORD_RecordCallback proc, void proc_cls)

enum GNUNET_GenericReturnValue	GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block block, const struct GNUNET_IDENTITY_PublicKey zone_key, const char label, GNUNET_GNSRECORD_RecordCallback proc, void proc_cls)
	Decrypt block. More...

void	GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_IDENTITY_PrivateKey zone, const char label, struct GNUNET_HashCode *query)
	Calculate the DHT query for a given label in a given zone. More...

void	GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_IDENTITY_PublicKey pub, const char label, struct GNUNET_HashCode *query)
	Calculate the DHT query for a given label in a given zone. More...

Detailed Description

API for GNS record-related crypto.

Author: Martin Schanzenbach; Matthias Wachs; Christian Grothoff

Definition in file gnsrecord_crypto.c.

Macro Definition Documentation

◆ LOG

#define LOG	(	kind,
		...
	)	GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)

Definition at line 38 of file gnsrecord_crypto.c.

◆ CSIZE

#define CSIZE 64

Referenced by GNUNET_GNSRECORD_block_create2().

Function Documentation

◆ ecdsa_symmetric_decrypt()

ssize_t ecdsa_symmetric_decrypt	(	const void *	block,
		size_t	size,
		const unsigned char *	key,
		const unsigned char *	ctr,
		void *	result
	)

Definition at line 41 of file gnsrecord_crypto.c.

References GNUNET_assert, GNUNET_CRYPTO_AES_KEY_LENGTH, handle, and size.

Referenced by block_decrypt_ecdsa().

 {
   gcry_cipher_hd_t handle;
   int rc;
 
   GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
                                         GCRY_CIPHER_MODE_CTR, 0));
   rc = gcry_cipher_setkey (handle,
                            key,
                            GNUNET_CRYPTO_AES_KEY_LENGTH);
   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
   rc = gcry_cipher_setctr (handle,
                            ctr,
                            GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
   GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
   gcry_cipher_close (handle);
   return size;
 }

Here is the caller graph for this function:

◆ ecdsa_symmetric_encrypt()

ssize_t ecdsa_symmetric_encrypt	(	const void *	block,
		size_t	size,
		const unsigned char *	key,
		const unsigned char *	ctr,
		void *	result
	)

Definition at line 69 of file gnsrecord_crypto.c.

References GNUNET_assert, GNUNET_CRYPTO_AES_KEY_LENGTH, handle, and size.

Referenced by block_create_ecdsa().

 {
   gcry_cipher_hd_t handle;
   int rc;
 
   GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
                                         GCRY_CIPHER_MODE_CTR, 0));
   rc = gcry_cipher_setkey (handle,
                            key,
                            GNUNET_CRYPTO_AES_KEY_LENGTH);
   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
   rc = gcry_cipher_setctr (handle,
                            ctr,
                            GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
   GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
   gcry_cipher_close (handle);
   return size;
 }

Here is the caller graph for this function:

◆ derive_block_aes_key()

static void derive_block_aes_key	(	unsigned char *	ctr,
		unsigned char *	key,
		const char *	label,
		uint64_t	exp,
		const struct GNUNET_CRYPTO_EcdsaPublicKey *	pub
	)

static

Derive session key and iv from label and public key.

Parameters

iv	initialization vector to initialize
skey	session key to initialize
label	label to use for KDF
pub	public key to use for KDF

4 byte nonce

Expiration time 64 bit.

Set counter part to 1

Definition at line 105 of file gnsrecord_crypto.c.

References GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_kdf().

Referenced by block_create_ecdsa(), and block_decrypt_ecdsa().

 {
   static const char ctx_key[] = "gns-aes-ctx-key";
   static const char ctx_iv[] = "gns-aes-ctx-iv";
 
   GNUNET_CRYPTO_kdf (key, GNUNET_CRYPTO_AES_KEY_LENGTH,
                      ctx_key, strlen (ctx_key),
                      pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
                      label, strlen (label),
                      NULL, 0);
   memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
   GNUNET_CRYPTO_kdf (ctr, 4,
                      ctx_iv, strlen (ctx_iv),
                      pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
                      label, strlen (label),
                      NULL, 0);
   memcpy (ctr + 4, &exp, sizeof (exp));
   ctr[15] |= 0x01;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ block_create_ecdsa()

static struct GNUNET_GNSRECORD_Block* block_create_ecdsa	(	const struct GNUNET_CRYPTO_EcdsaPrivateKey *	key,
		const struct GNUNET_CRYPTO_EcdsaPublicKey *	pkey,
		struct GNUNET_TIME_Absolute	expire,
		const char *	label,
		const struct GNUNET_GNSRECORD_Data *	rd,
		unsigned int	rd_count
	)

static

Sign name and records.

Parameters

key	the private key
pkey	associated public key
expire	block expiration
label	the name for the records
rd	record data
rd_count	number of records

Returns: NULL on error (block too large)

Definition at line 145 of file gnsrecord_crypto.c.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, derive_block_aes_key(), GNUNET_GNSRECORD_EcdsaBlock::derived_key, GNUNET_GNSRECORD_Block::ecdsa_block, ecdsa_symmetric_encrypt(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, GNUNET_GNSRECORD_Data::flags, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_sign_(), GNUNET_free, GNUNET_GNSRECORD_MAX_BLOCK_SIZE, GNUNET_GNSRECORD_records_get_size(), GNUNET_GNSRECORD_records_serialize(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_TYPE_PKEY, GNUNET_malloc, GNUNET_memcpy, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), payload, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_GNSRECORD_EcdsaBlock::purpose, GNUNET_TIME_Relative::rel_value_us, GNUNET_GNSRECORD_EcdsaBlock::signature, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_GNSRECORD_Block::type.

Referenced by GNUNET_GNSRECORD_block_create(), and GNUNET_GNSRECORD_block_create2().

 {
   ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
                                                            rd);
   struct GNUNET_GNSRECORD_Block *block;
   struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
   struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
   unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
   unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
   struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
   uint32_t rd_count_nbo;
   struct GNUNET_TIME_Absolute now;
 
   if (payload_len < 0)
   {
     GNUNET_break (0);
     return NULL;
   }
   if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
   {
     GNUNET_break (0);
     return NULL;
   }
   /* convert relative to absolute times */
   now = GNUNET_TIME_absolute_get ();
   for (unsigned int i = 0; i < rd_count; i++)
   {
     rdc[i] = rd[i];
     if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
     {
       struct GNUNET_TIME_Relative t;
 
       /* encrypted blocks must never have relative expiration times, convert! */
       rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
       t.rel_value_us = rdc[i].expiration_time;
       rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
     }
   }
   /* serialize */
   rd_count_nbo = htonl (rd_count);
   {
     char payload[sizeof(uint32_t) + payload_len];
 
     GNUNET_memcpy (payload,
                    &rd_count_nbo,
                    sizeof(uint32_t));
     GNUNET_assert (payload_len ==
                    GNUNET_GNSRECORD_records_serialize (rd_count,
                                                        rdc,
                                                        payload_len,
                                                        &payload[sizeof(uint32_t)
                                                        ]));
     block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
                            + sizeof(uint32_t)
                            + payload_len);
     ecblock = &block->ecdsa_block;
     block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
     ecblock->purpose.size = htonl (sizeof(uint32_t)
                                    + payload_len
                                    + sizeof(struct
                                             GNUNET_CRYPTO_EccSignaturePurpose)
                                    + sizeof(struct GNUNET_TIME_AbsoluteNBO));
     ecblock->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
     ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
     /* encrypt and sign */
     dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
                                                    label,
                                                    "gns");
     GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
                                         &ecblock->derived_key);
     derive_block_aes_key (ctr,
                           skey,
                           label,
                           ecblock->expiration_time.abs_value_us__,
                           pkey);
     GNUNET_break (payload_len + sizeof(uint32_t) ==
                   ecdsa_symmetric_encrypt (payload,
                                            payload_len
                                            + sizeof(uint32_t),
                                            skey,
                                            ctr,
                                            &ecblock[1]));
   }
   if (GNUNET_OK !=
       GNUNET_CRYPTO_ecdsa_sign_ (dkey,
                                  &ecblock->purpose,
                                  &ecblock->signature))
   {
     GNUNET_break (0);
     GNUNET_free (dkey);
     GNUNET_free (block);
     return NULL;
   }
   GNUNET_free (dkey);
   return block;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ block_decrypt_ecdsa()

enum GNUNET_GenericReturnValue block_decrypt_ecdsa	(	const struct GNUNET_GNSRECORD_EcdsaBlock *	block,
		const struct GNUNET_CRYPTO_EcdsaPublicKey *	zone_key,
		const char *	label,
		GNUNET_GNSRECORD_RecordCallback	proc,
		void *	proc_cls
	)

Definition at line 381 of file gnsrecord_crypto.c.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, derive_block_aes_key(), ecdsa_symmetric_decrypt(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, GNUNET_GNSRECORD_Data::flags, GNUNET_break, GNUNET_break_op, GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_ERROR_TYPE_INFO, GNUNET_GNSRECORD_records_deserialize(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_RF_SHADOW_RECORD, GNUNET_log, GNUNET_memcpy, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_absolute_time_to_string(), GNUNET_SYSERR, GNUNET_TIME_absolute_get(), GNUNET_YES, KeyCacheLine::key, payload, GNUNET_GNSRECORD_EcdsaBlock::purpose, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by GNUNET_GNSRECORD_block_decrypt().

 {
   size_t payload_len = ntohl (block->purpose.size)
                        - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
                        - sizeof(struct GNUNET_TIME_AbsoluteNBO);
   unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
   unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
 
   if (ntohl (block->purpose.size) <
       sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
       + sizeof(struct GNUNET_TIME_AbsoluteNBO))
   {
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
   derive_block_aes_key (ctr,
                         key,
                         label,
                         block->expiration_time.abs_value_us__,
                         zone_key);
   {
     char payload[payload_len];
     uint32_t rd_count;
 
     GNUNET_break (payload_len ==
                   ecdsa_symmetric_decrypt (&block[1], payload_len,
                                            key, ctr,
                                            payload));
     GNUNET_memcpy (&rd_count,
                    payload,
                    sizeof(uint32_t));
     rd_count = ntohl (rd_count);
     if (rd_count > 2048)
     {
       /* limit to sane value */
       GNUNET_break_op (0);
       return GNUNET_SYSERR;
     }
     {
       struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
       unsigned int j;
       struct GNUNET_TIME_Absolute now;
 
       if (GNUNET_OK !=
           GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t),
                                                 &payload[sizeof(uint32_t)],
                                                 rd_count,
                                                 rd))
       {
         GNUNET_break_op (0);
         return GNUNET_SYSERR;
       }
       /* hide expired records */
       now = GNUNET_TIME_absolute_get ();
       j = 0;
       for (unsigned int i = 0; i < rd_count; i++)
       {
         if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
         {
           /* encrypted blocks must never have relative expiration times, skip! */
           GNUNET_break_op (0);
           continue;
         }
 
         if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
         {
           int include_record = GNUNET_YES;
           /* Shadow record, figure out if we have a not expired active record */
           for (unsigned int k = 0; k < rd_count; k++)
           {
             if (k == i)
               continue;
             if (rd[i].expiration_time < now.abs_value_us)
               include_record = GNUNET_NO;       /* Shadow record is expired */
             if ((rd[k].record_type == rd[i].record_type) &&
                 (rd[k].expiration_time >= now.abs_value_us) &&
                 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)))
             {
               include_record = GNUNET_NO;         /* We have a non-expired, non-shadow record of the same type */
               GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                           "Ignoring shadow record\n");
               break;
             }
           }
           if (GNUNET_YES == include_record)
           {
             rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD;       /* Remove Flag */
             if (j != i)
               rd[j] = rd[i];
             j++;
           }
         }
         else if (rd[i].expiration_time >= now.abs_value_us)
         {
           /* Include this record */
           if (j != i)
             rd[j] = rd[i];
           j++;
         }
         else
         {
           struct GNUNET_TIME_Absolute at;
 
           at.abs_value_us = rd[i].expiration_time;
           GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                       "Excluding record that expired %s (%llu ago)\n",
                       GNUNET_STRINGS_absolute_time_to_string (at),
                       (unsigned long long) rd[i].expiration_time
                       - now.abs_value_us);
         }
       }
       rd_count = j;
       if (NULL != proc)
         proc (proc_cls,
               rd_count,
               (0 != rd_count) ? rd : NULL);
     }
   }
   return GNUNET_OK;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ LOG

◆ CSIZE

Function Documentation

◆ ecdsa_symmetric_decrypt()

◆ ecdsa_symmetric_encrypt()

◆ derive_block_aes_key()

◆ block_create_ecdsa()

◆ block_decrypt_ecdsa()